CrossNodes Briefing: DHCP - Page 2
DHCP, in theory, seems simple. However, it takes time to set up a DHCP-based network. Older devices may not support DHCP. In some cases, these devices only support BOOTP, an older, simplified version of DHCP. Although many DHCP-enabled servers can support these devices, managers will need to configure the server. In other cases, some devices require a permanent IP address, and these must be identified and assigned. Some network managers prefer to manually assign IP addresses to routers, printers and other "permanent" devices.
In addition, managers using dynamic allocation techniques must take time to calculate the proper lease time for the IP addresses. The server verifies each connection when the lease time reaches the halfway point. If a network supports multiple remote sessions that last a relatively short amount of time, the lease time can be set minutes. This ensures that IP addresses will be released and available for subsequent users. For more stable networks, a lease time can be set for several hours or days. The lease time can effect network performance, so the manager must consider this parameter carefully.
Managers also need to consider the impact of service interruptions. Scheduled server maintenance or server failures can create havoc in a DHCP configuration. Longer lease times generally recover better from interruptions, but managers can implement multiple servers that share a pool of IP addresses to help resolve the problem. Managers can implement servers that share all available IP addresses, or they can select a subset of addresses to share among servers. Each approach requires that the servers synchronize their database of IP assignments, and this requires server processing.
Security also presents a problem. Firewalls, for example, generally allow managers to configure a list of acceptable IP addresses. If these addresses are dynamically assigned, it is more difficult to determine whether the device connecting to the network is authorized. Similarly, DHCP does not specify links to authentication programs, so managers may encounter difficulties implementing these types of security.